Category: Product

Many of the problems are flaws in the operating system’s underlying open-source software, including a critical flaw in the Kerberos authentication system–software that can act as a gatekeeper for computer networks.

The patch is available for Mac OS X 10.3.5 and Mac OS X 10.3.4, and also fixes issues in Mac OS X 10.2, known as “Jaguar.”

“All security enhancements…are also available for Jaguar, if the issue could occur on Jaguar systems,” a security advisory from the company said. The patch fixes software flaws that could enable an attacker to crash or freeze the Apache 2 Web server, run software by utilizing Apple’s Safari Web browser or expose the password store used by the network.

Security information provider Secunia ranked the Kerberos threat as “highly critical,” its second-highest danger rating.

Apple has pointed to open-source software as a source of security for the company’s operating system. While open-source projects tend to release patches as soon as possible, Apple and other companies have moved to more occasional releases of collections of patches.

Apple’s advisory, with details of the update, is available on the company’s Web site.

http://news.com.com/Apple+fixes+15+flaws+in+Mac+OS+X/2100-1002_3-5350010.html?tag=nefd.top

The workflow engine, which will enable IT to horizontally integrate management functions, will be added to five of CA’s eight IT Service Management Suite components, and the data generated will be available with the suite’s IT services cataloging, fulfillment, metering, assurance and accounting modules. The engine will automate the processes of ordering, delivering and measuring IT services as well as provide a streamlined way to charge for the services based on usage, officials said.

The suite is designed to better align technical operations management with the business. Toward that end, the new workflow engine also creates linkages between service delivery and Unicenter infrastructure management systems, CA officials said.

“To the extent you can connect the metering application to the actual network and system management and actual applications that are running,” Lamm said, “you can get quicker and better measurement of whether you are making the SLA [service-level agreement] commitment.” “If you want to deliver security services, it can connect directly to security services [applications] through this workflow engine,” Lamm said.

While the new workflow engine may enhance the ability of IT to horizontally integrate its management functions, how flexible it is remains to be seen, said industry analyst Rick Ptak, of Ptak & Associates, in Amherst, N.H.

http://www.eweek.com/article2/0,1759,1642711,00.asp?kc=EWRSS03119TX1K0000594

The company released a module for its Sendmail e-mail server software that attempts to verify the source of messages to help Internet users block mail from unwanted senders. The technique is part of a developing Internet standard known as Sender ID.

“What authenticating does is allow you to rely on who sent the message,” said David Anderson, CEO of Sendmail, a maker of e-mail software. “We believe people will stop filtering out bad messages based on bad content and instead allow good messages with good senders.”

The majority of e-mail carried across the Internet uses the open-source Sendmail program, which runs on the Linux and Unix operating systems.

The new module for the program allows e-mail administrators to modify their systems and add the authentication technology.

Sender ID is a hybrid specification created from the Caller ID for E-mail system proposed by Microsoft and another antispam technology known as Sender Policy Framework that was developed by Meng Wong, the founder of e-mail service Pobox.com. The specification has not been finalized by the Internet Engineering Task Force, the technical group that sets Net standards.

“We want to get this thing accepted, because it has the best functionality and shortest deployment time of any of the choices right now,” Anderson said.

Sendmail is distributing a test version of the software to get enough companies onboard and gauge a computer’s ability to authenticate e-mail messages in real time. Adding the authentication to an e-mail server slowed processing down by 8 percent for outbound traffic and 15 percent for inbound traffic, according to the Sendmail’s testing site.

“The current focus is to try these authentication systems with real mail on real systems to determine if the approaches proposed are robust enough to survive in the current infrastructure,” the company stated in a white paper on the topic.

The new modules can be downloaded from the Sendmail testing site.

http://news.com.com/Sendmail+searches+for+antispam+testers/2100-1032_3-5330638.html?part=rss&tag=5330638&subj=news.1032.5

“What BMC is proposing is a better way to manage applications, by creating models of how the application depends on the infrastructure,” said Jean-Pierre Garbani, an analyst at Forrester Research. “With a model, IT people can see that one component is not behaving normally…It’s a way to speed up and make problem management more intelligent,” Garbani said.

On Tuesday, the software maker plans to introduce an update to its Control-M program for organizing computing jobs. The revamp, Batch Impact Manager, helps businesses head off glitches and prioritize problem reports, BMC said.

Application failures are very costly to corporations, as they can prevent employees from doing their jobs or take revenue-generating applications, such as e-commerce Web sites, offline.

Business service management products help operators spot more quickly the source of problems that affect application performance, such as problems with servers, networking hardware and other underlying components.

The addition next week of the Batch Impact Manager to the Control-M software will enable system operators to get a consolidated view of scheduled batches of jobs, BMC said. If there is a failure in one of them, the software can send an alert and highlight possible problems with other applications. For example, the failure of a mainframe job to update customer transactions scheduled for the middle of the night could prevent a financial trading application from being available the following morning.

http://zdnet.com.com/2100-1104_2-5342278.html

The technology will lower Wi-Fi installation costs and let businesses more easily deploy a high-capacity wireless network.
“What Aruba does is allow you to put in an access point in a matter of moments,” says CraigThat will let businesses install more wireless access points, creating a “wireless grid” that will result in a network with a greater data-carrying capacity than a conventional wireless network, says Merwyn Andrade, Aruba’s chief technology officer.

Ortronics initially plans to offer two types of Wi-Jacks.
One is a device that plugs into the network port (powered by the network) and the other is a jack with the WiFi built-in
[Auditors review your physical review processes and procedures for sites].

http://informationweek.com/story/showArticle.jhtml?articleID=45400023

Despite criticism of Microsoft’s patch cycle, reaction to Oracle’s decision so far seems positive.

The Redwood Shores, Calif.-based company announced its decision to do monthly security updates last week after news of 34 vulnerabilities in multiple versions of its database server — the majority of them critical — were widely reported.

Generally, the flaws have to do with the Procedural Language/Structured Query Language and its triggers. One flaw allows an attacker to gain control of the database server without a userID or password, while others allow low-privileged users to take over the database server.

“Oracle is moving to a monthly patch rollup model because we believe a single patch encompassing multiple fixes, on a predictable schedule, better meets the needs of our customers,” Oracle spokesman added. “The problem isn’t when patches aren’t available, it’s when the patches are released and people don’t apply them.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1002437,00.html